-
Type:
Task
-
Resolution: Fixed
-
Priority:
Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
-
Server Security
-
Fully Compatible
-
Server Security 2026-04-24, Server Security 2026-05-08
-
200
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Currently in the server, a post-auth user with role X will have any privileges added or removed from X take effect immediately, in-session.
A post-auth user who has all roles removed, for example, loses all privileges even if their state remains authenticated.
We do not have tests that codify this behaviour and should add these.